./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/product-lines/minepump_spec5_product59.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version e7bb482b Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/config/AutomizerReach.xml -i ../../sv-benchmarks/c/product-lines/minepump_spec5_product59.cil.c -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash bed571a327ae9eee0b2e62daa6070780d20555ec322abcda9e725c1fa87edc9c --- Real Ultimate output --- This is Ultimate 0.2.3-dev-e7bb482 [2023-11-06 23:05:11,083 INFO L188 SettingsManager]: Resetting all preferences to default values... [2023-11-06 23:05:11,223 INFO L114 SettingsManager]: Loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/config/svcomp-Reach-32bit-Automizer_Default.epf [2023-11-06 23:05:11,238 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2023-11-06 23:05:11,239 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2023-11-06 23:05:11,284 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2023-11-06 23:05:11,288 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2023-11-06 23:05:11,289 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2023-11-06 23:05:11,292 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2023-11-06 23:05:11,299 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2023-11-06 23:05:11,301 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2023-11-06 23:05:11,301 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2023-11-06 23:05:11,302 INFO L153 SettingsManager]: * Use SBE=true [2023-11-06 23:05:11,302 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2023-11-06 23:05:11,303 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2023-11-06 23:05:11,304 INFO L153 SettingsManager]: * sizeof long=4 [2023-11-06 23:05:11,304 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2023-11-06 23:05:11,305 INFO L153 SettingsManager]: * sizeof POINTER=4 [2023-11-06 23:05:11,305 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2023-11-06 23:05:11,306 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2023-11-06 23:05:11,306 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2023-11-06 23:05:11,307 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2023-11-06 23:05:11,307 INFO L153 SettingsManager]: * sizeof long double=12 [2023-11-06 23:05:11,308 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2023-11-06 23:05:11,308 INFO L153 SettingsManager]: * Use constant arrays=true [2023-11-06 23:05:11,309 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2023-11-06 23:05:11,309 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2023-11-06 23:05:11,310 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2023-11-06 23:05:11,310 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 23:05:11,311 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2023-11-06 23:05:11,312 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2023-11-06 23:05:11,312 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2023-11-06 23:05:11,312 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2023-11-06 23:05:11,313 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2023-11-06 23:05:11,313 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2023-11-06 23:05:11,313 INFO L153 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2023-11-06 23:05:11,314 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2023-11-06 23:05:11,314 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2023-11-06 23:05:11,314 INFO L153 SettingsManager]: * Independence relation used for large block encoding in concurrent analysis=SYNTACTIC [2023-11-06 23:05:11,315 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> bed571a327ae9eee0b2e62daa6070780d20555ec322abcda9e725c1fa87edc9c [2023-11-06 23:05:11,612 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2023-11-06 23:05:11,651 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2023-11-06 23:05:11,654 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2023-11-06 23:05:11,657 INFO L270 PluginConnector]: Initializing CDTParser... [2023-11-06 23:05:11,657 INFO L274 PluginConnector]: CDTParser initialized [2023-11-06 23:05:11,659 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/../../sv-benchmarks/c/product-lines/minepump_spec5_product59.cil.c [2023-11-06 23:05:15,245 INFO L533 CDTParser]: Created temporary CDT project at NULL [2023-11-06 23:05:15,681 INFO L384 CDTParser]: Found 1 translation units. [2023-11-06 23:05:15,682 INFO L180 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/sv-benchmarks/c/product-lines/minepump_spec5_product59.cil.c [2023-11-06 23:05:15,700 INFO L427 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/data/8b8421d93/932be83d69a6464ebbf8169aa6741bcd/FLAG81f8e217c [2023-11-06 23:05:15,726 INFO L435 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/data/8b8421d93/932be83d69a6464ebbf8169aa6741bcd [2023-11-06 23:05:15,734 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2023-11-06 23:05:15,738 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2023-11-06 23:05:15,744 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2023-11-06 23:05:15,745 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2023-11-06 23:05:15,751 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2023-11-06 23:05:15,754 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 11:05:15" (1/1) ... [2023-11-06 23:05:15,756 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2c865411 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:15, skipping insertion in model container [2023-11-06 23:05:15,757 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 06.11 11:05:15" (1/1) ... [2023-11-06 23:05:15,844 INFO L177 MainTranslator]: Built tables and reachable declarations [2023-11-06 23:05:16,171 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/sv-benchmarks/c/product-lines/minepump_spec5_product59.cil.c[17002,17015] [2023-11-06 23:05:16,192 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 23:05:16,209 INFO L202 MainTranslator]: Completed pre-run [2023-11-06 23:05:16,225 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [49] [2023-11-06 23:05:16,227 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [160] [2023-11-06 23:05:16,228 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [230] [2023-11-06 23:05:16,228 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [469] [2023-11-06 23:05:16,229 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [835] [2023-11-06 23:05:16,229 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [844] [2023-11-06 23:05:16,229 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [893] [2023-11-06 23:05:16,230 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [993] [2023-11-06 23:05:16,327 WARN L240 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/sv-benchmarks/c/product-lines/minepump_spec5_product59.cil.c[17002,17015] [2023-11-06 23:05:16,338 INFO L209 PostProcessor]: Analyzing one entry point: main [2023-11-06 23:05:16,364 INFO L206 MainTranslator]: Completed translation [2023-11-06 23:05:16,365 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16 WrapperNode [2023-11-06 23:05:16,365 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2023-11-06 23:05:16,366 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2023-11-06 23:05:16,367 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2023-11-06 23:05:16,367 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2023-11-06 23:05:16,376 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,396 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,447 INFO L138 Inliner]: procedures = 59, calls = 105, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 235 [2023-11-06 23:05:16,448 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2023-11-06 23:05:16,449 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2023-11-06 23:05:16,449 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2023-11-06 23:05:16,449 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2023-11-06 23:05:16,462 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,463 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,482 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,485 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,491 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,497 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,499 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,502 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,506 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2023-11-06 23:05:16,507 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2023-11-06 23:05:16,507 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2023-11-06 23:05:16,507 INFO L274 PluginConnector]: RCFGBuilder initialized [2023-11-06 23:05:16,508 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (1/1) ... [2023-11-06 23:05:16,517 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2023-11-06 23:05:16,549 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 23:05:16,565 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2023-11-06 23:05:16,592 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2023-11-06 23:05:16,631 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2023-11-06 23:05:16,631 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2023-11-06 23:05:16,631 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2023-11-06 23:05:16,632 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2023-11-06 23:05:16,634 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2023-11-06 23:05:16,635 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2023-11-06 23:05:16,636 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2023-11-06 23:05:16,636 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 23:05:16,636 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 23:05:16,637 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2023-11-06 23:05:16,637 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2023-11-06 23:05:16,637 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2023-11-06 23:05:16,637 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2023-11-06 23:05:16,637 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2023-11-06 23:05:16,638 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2023-11-06 23:05:16,638 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2023-11-06 23:05:16,639 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2023-11-06 23:05:16,639 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2023-11-06 23:05:16,639 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2023-11-06 23:05:16,640 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2023-11-06 23:05:16,792 INFO L236 CfgBuilder]: Building ICFG [2023-11-06 23:05:16,795 INFO L262 CfgBuilder]: Building CFG for each procedure with an implementation [2023-11-06 23:05:17,328 INFO L277 CfgBuilder]: Performing block encoding [2023-11-06 23:05:17,340 INFO L297 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2023-11-06 23:05:17,340 INFO L302 CfgBuilder]: Removed 2 assume(true) statements. [2023-11-06 23:05:17,343 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 11:05:17 BoogieIcfgContainer [2023-11-06 23:05:17,344 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2023-11-06 23:05:17,350 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2023-11-06 23:05:17,351 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2023-11-06 23:05:17,355 INFO L274 PluginConnector]: TraceAbstraction initialized [2023-11-06 23:05:17,355 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 06.11 11:05:15" (1/3) ... [2023-11-06 23:05:17,356 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@f8dd1b1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 11:05:17, skipping insertion in model container [2023-11-06 23:05:17,356 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 06.11 11:05:16" (2/3) ... [2023-11-06 23:05:17,359 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@f8dd1b1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 06.11 11:05:17, skipping insertion in model container [2023-11-06 23:05:17,359 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 11:05:17" (3/3) ... [2023-11-06 23:05:17,362 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product59.cil.c [2023-11-06 23:05:17,382 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2023-11-06 23:05:17,382 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2023-11-06 23:05:17,472 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2023-11-06 23:05:17,481 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@4a3d81fb, mLbeIndependenceSettings=[IndependenceType=SYNTACTIC, AbstractionType=NONE, UseConditional=, UseSemiCommutativity=, Solver=, SolverTimeout=] [2023-11-06 23:05:17,481 INFO L358 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2023-11-06 23:05:17,487 INFO L276 IsEmpty]: Start isEmpty. Operand has 103 states, 79 states have (on average 1.3670886075949367) internal successors, (108), 88 states have internal predecessors, (108), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2023-11-06 23:05:17,501 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2023-11-06 23:05:17,501 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:17,502 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:17,503 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:17,509 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:17,510 INFO L85 PathProgramCache]: Analyzing trace with hash -483847655, now seen corresponding path program 1 times [2023-11-06 23:05:17,522 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:17,522 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1906631019] [2023-11-06 23:05:17,523 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:17,523 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:17,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:17,776 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2023-11-06 23:05:17,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:17,786 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2023-11-06 23:05:17,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:17,794 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:05:17,795 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:17,795 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1906631019] [2023-11-06 23:05:17,796 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1906631019] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:17,797 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:17,797 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2023-11-06 23:05:17,799 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1431764920] [2023-11-06 23:05:17,809 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:17,815 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2023-11-06 23:05:17,816 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:17,872 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2023-11-06 23:05:17,875 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 23:05:17,880 INFO L87 Difference]: Start difference. First operand has 103 states, 79 states have (on average 1.3670886075949367) internal successors, (108), 88 states have internal predecessors, (108), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 23:05:17,929 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:17,929 INFO L93 Difference]: Finished difference Result 197 states and 266 transitions. [2023-11-06 23:05:17,931 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2023-11-06 23:05:17,932 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 32 [2023-11-06 23:05:17,933 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:17,944 INFO L225 Difference]: With dead ends: 197 [2023-11-06 23:05:17,945 INFO L226 Difference]: Without dead ends: 94 [2023-11-06 23:05:17,950 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2023-11-06 23:05:17,955 INFO L413 NwaCegarLoop]: 130 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 130 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:17,957 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 130 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2023-11-06 23:05:17,979 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 94 states. [2023-11-06 23:05:18,010 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 94 to 94. [2023-11-06 23:05:18,013 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 94 states, 72 states have (on average 1.3055555555555556) internal successors, (94), 80 states have internal predecessors, (94), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2023-11-06 23:05:18,016 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 94 states to 94 states and 121 transitions. [2023-11-06 23:05:18,018 INFO L78 Accepts]: Start accepts. Automaton has 94 states and 121 transitions. Word has length 32 [2023-11-06 23:05:18,019 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:18,019 INFO L495 AbstractCegarLoop]: Abstraction has 94 states and 121 transitions. [2023-11-06 23:05:18,020 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.0) internal successors, (24), 2 states have internal predecessors, (24), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2023-11-06 23:05:18,020 INFO L276 IsEmpty]: Start isEmpty. Operand 94 states and 121 transitions. [2023-11-06 23:05:18,024 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2023-11-06 23:05:18,025 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:18,025 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:18,025 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2023-11-06 23:05:18,026 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:18,027 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:18,027 INFO L85 PathProgramCache]: Analyzing trace with hash 697495445, now seen corresponding path program 1 times [2023-11-06 23:05:18,028 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:18,028 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2058692070] [2023-11-06 23:05:18,028 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:18,029 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:18,066 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:18,371 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2023-11-06 23:05:18,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:18,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2023-11-06 23:05:18,388 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:18,392 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:05:18,392 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:18,392 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2058692070] [2023-11-06 23:05:18,393 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2058692070] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:18,393 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:18,393 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 23:05:18,393 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1547061489] [2023-11-06 23:05:18,394 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:18,395 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 23:05:18,395 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:18,412 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 23:05:18,413 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2023-11-06 23:05:18,415 INFO L87 Difference]: Start difference. First operand 94 states and 121 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 23:05:18,839 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:18,839 INFO L93 Difference]: Finished difference Result 321 states and 427 transitions. [2023-11-06 23:05:18,840 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2023-11-06 23:05:18,840 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 37 [2023-11-06 23:05:18,841 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:18,846 INFO L225 Difference]: With dead ends: 321 [2023-11-06 23:05:18,846 INFO L226 Difference]: Without dead ends: 235 [2023-11-06 23:05:18,849 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2023-11-06 23:05:18,851 INFO L413 NwaCegarLoop]: 132 mSDtfsCounter, 312 mSDsluCounter, 388 mSDsCounter, 0 mSdLazyCounter, 109 mSolverCounterSat, 36 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 312 SdHoareTripleChecker+Valid, 520 SdHoareTripleChecker+Invalid, 145 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 36 IncrementalHoareTripleChecker+Valid, 109 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:18,852 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [312 Valid, 520 Invalid, 145 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [36 Valid, 109 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2023-11-06 23:05:18,854 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 235 states. [2023-11-06 23:05:18,903 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 235 to 229. [2023-11-06 23:05:18,905 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 229 states, 172 states have (on average 1.3255813953488371) internal successors, (228), 190 states have internal predecessors, (228), 37 states have call successors, (37), 22 states have call predecessors, (37), 19 states have return successors, (37), 26 states have call predecessors, (37), 34 states have call successors, (37) [2023-11-06 23:05:18,912 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 229 states to 229 states and 302 transitions. [2023-11-06 23:05:18,912 INFO L78 Accepts]: Start accepts. Automaton has 229 states and 302 transitions. Word has length 37 [2023-11-06 23:05:18,913 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:18,913 INFO L495 AbstractCegarLoop]: Abstraction has 229 states and 302 transitions. [2023-11-06 23:05:18,914 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 6 states have internal predecessors, (30), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 23:05:18,914 INFO L276 IsEmpty]: Start isEmpty. Operand 229 states and 302 transitions. [2023-11-06 23:05:18,918 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2023-11-06 23:05:18,919 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:18,919 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:18,919 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2023-11-06 23:05:18,920 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:18,920 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:18,921 INFO L85 PathProgramCache]: Analyzing trace with hash -31413208, now seen corresponding path program 1 times [2023-11-06 23:05:18,921 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:18,921 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [672569849] [2023-11-06 23:05:18,922 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:18,922 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:18,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,075 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2023-11-06 23:05:19,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,092 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2023-11-06 23:05:19,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:05:19,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2023-11-06 23:05:19,146 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,149 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:05:19,150 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:19,150 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [672569849] [2023-11-06 23:05:19,150 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [672569849] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:19,152 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:19,153 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 23:05:19,153 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1700194378] [2023-11-06 23:05:19,153 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:19,156 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 23:05:19,156 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:19,157 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 23:05:19,158 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 23:05:19,158 INFO L87 Difference]: Start difference. First operand 229 states and 302 transitions. Second operand has 5 states, 5 states have (on average 7.2) internal successors, (36), 5 states have internal predecessors, (36), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2023-11-06 23:05:19,566 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:19,567 INFO L93 Difference]: Finished difference Result 676 states and 937 transitions. [2023-11-06 23:05:19,567 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2023-11-06 23:05:19,568 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.2) internal successors, (36), 5 states have internal predecessors, (36), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) Word has length 47 [2023-11-06 23:05:19,568 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:19,576 INFO L225 Difference]: With dead ends: 676 [2023-11-06 23:05:19,576 INFO L226 Difference]: Without dead ends: 455 [2023-11-06 23:05:19,581 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2023-11-06 23:05:19,583 INFO L413 NwaCegarLoop]: 155 mSDtfsCounter, 253 mSDsluCounter, 234 mSDsCounter, 0 mSdLazyCounter, 139 mSolverCounterSat, 82 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 257 SdHoareTripleChecker+Valid, 389 SdHoareTripleChecker+Invalid, 221 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 82 IncrementalHoareTripleChecker+Valid, 139 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:19,584 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [257 Valid, 389 Invalid, 221 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [82 Valid, 139 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2023-11-06 23:05:19,586 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 455 states. [2023-11-06 23:05:19,706 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 455 to 410. [2023-11-06 23:05:19,712 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 410 states, 311 states have (on average 1.257234726688103) internal successors, (391), 325 states have internal predecessors, (391), 59 states have call successors, (59), 40 states have call predecessors, (59), 39 states have return successors, (88), 58 states have call predecessors, (88), 54 states have call successors, (88) [2023-11-06 23:05:19,721 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 410 states to 410 states and 538 transitions. [2023-11-06 23:05:19,722 INFO L78 Accepts]: Start accepts. Automaton has 410 states and 538 transitions. Word has length 47 [2023-11-06 23:05:19,722 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:19,723 INFO L495 AbstractCegarLoop]: Abstraction has 410 states and 538 transitions. [2023-11-06 23:05:19,723 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.2) internal successors, (36), 5 states have internal predecessors, (36), 4 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 4 states have call successors, (4) [2023-11-06 23:05:19,723 INFO L276 IsEmpty]: Start isEmpty. Operand 410 states and 538 transitions. [2023-11-06 23:05:19,726 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2023-11-06 23:05:19,726 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:19,726 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:19,727 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2023-11-06 23:05:19,727 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:19,727 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:19,728 INFO L85 PathProgramCache]: Analyzing trace with hash 995675595, now seen corresponding path program 1 times [2023-11-06 23:05:19,728 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:19,728 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [394293039] [2023-11-06 23:05:19,728 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:19,729 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:19,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,939 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2023-11-06 23:05:19,941 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,943 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2023-11-06 23:05:19,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:19,970 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2023-11-06 23:05:19,970 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:19,971 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [394293039] [2023-11-06 23:05:19,971 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [394293039] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:19,971 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:19,971 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 23:05:19,972 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [218881543] [2023-11-06 23:05:19,972 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:19,972 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 23:05:19,973 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:19,974 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 23:05:19,974 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 23:05:19,974 INFO L87 Difference]: Start difference. First operand 410 states and 538 transitions. Second operand has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 23:05:20,226 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:20,226 INFO L93 Difference]: Finished difference Result 816 states and 1093 transitions. [2023-11-06 23:05:20,227 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2023-11-06 23:05:20,227 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 41 [2023-11-06 23:05:20,228 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:20,237 INFO L225 Difference]: With dead ends: 816 [2023-11-06 23:05:20,237 INFO L226 Difference]: Without dead ends: 414 [2023-11-06 23:05:20,242 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2023-11-06 23:05:20,254 INFO L413 NwaCegarLoop]: 121 mSDtfsCounter, 88 mSDsluCounter, 399 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 90 SdHoareTripleChecker+Valid, 520 SdHoareTripleChecker+Invalid, 79 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:20,254 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [90 Valid, 520 Invalid, 79 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 23:05:20,256 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 414 states. [2023-11-06 23:05:20,343 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 414 to 405. [2023-11-06 23:05:20,344 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 405 states, 306 states have (on average 1.2287581699346406) internal successors, (376), 320 states have internal predecessors, (376), 59 states have call successors, (59), 40 states have call predecessors, (59), 39 states have return successors, (88), 58 states have call predecessors, (88), 54 states have call successors, (88) [2023-11-06 23:05:20,351 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 405 states to 405 states and 523 transitions. [2023-11-06 23:05:20,351 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 523 transitions. Word has length 41 [2023-11-06 23:05:20,353 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:20,354 INFO L495 AbstractCegarLoop]: Abstraction has 405 states and 523 transitions. [2023-11-06 23:05:20,354 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.0) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2023-11-06 23:05:20,354 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 523 transitions. [2023-11-06 23:05:20,362 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2023-11-06 23:05:20,362 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:20,363 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:20,363 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2023-11-06 23:05:20,364 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:20,365 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:20,365 INFO L85 PathProgramCache]: Analyzing trace with hash -1901282667, now seen corresponding path program 1 times [2023-11-06 23:05:20,365 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:20,367 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [295845617] [2023-11-06 23:05:20,367 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:20,367 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:20,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:20,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2023-11-06 23:05:20,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:20,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2023-11-06 23:05:20,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:20,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2023-11-06 23:05:20,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:20,575 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:05:20,575 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:20,575 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [295845617] [2023-11-06 23:05:20,575 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [295845617] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:20,575 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:20,576 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2023-11-06 23:05:20,576 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1472556332] [2023-11-06 23:05:20,576 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:20,577 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2023-11-06 23:05:20,577 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:20,577 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2023-11-06 23:05:20,578 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2023-11-06 23:05:20,578 INFO L87 Difference]: Start difference. First operand 405 states and 523 transitions. Second operand has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:05:20,845 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:20,845 INFO L93 Difference]: Finished difference Result 832 states and 1113 transitions. [2023-11-06 23:05:20,846 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 23:05:20,846 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 55 [2023-11-06 23:05:20,846 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:20,851 INFO L225 Difference]: With dead ends: 832 [2023-11-06 23:05:20,852 INFO L226 Difference]: Without dead ends: 435 [2023-11-06 23:05:20,855 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2023-11-06 23:05:20,857 INFO L413 NwaCegarLoop]: 105 mSDtfsCounter, 76 mSDsluCounter, 350 mSDsCounter, 0 mSdLazyCounter, 127 mSolverCounterSat, 28 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 79 SdHoareTripleChecker+Valid, 455 SdHoareTripleChecker+Invalid, 155 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 28 IncrementalHoareTripleChecker+Valid, 127 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:20,857 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [79 Valid, 455 Invalid, 155 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [28 Valid, 127 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2023-11-06 23:05:20,859 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 435 states. [2023-11-06 23:05:20,948 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 435 to 411. [2023-11-06 23:05:20,951 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 411 states, 312 states have (on average 1.2243589743589745) internal successors, (382), 326 states have internal predecessors, (382), 59 states have call successors, (59), 40 states have call predecessors, (59), 39 states have return successors, (88), 58 states have call predecessors, (88), 54 states have call successors, (88) [2023-11-06 23:05:20,961 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 411 states to 411 states and 529 transitions. [2023-11-06 23:05:20,963 INFO L78 Accepts]: Start accepts. Automaton has 411 states and 529 transitions. Word has length 55 [2023-11-06 23:05:20,965 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:20,965 INFO L495 AbstractCegarLoop]: Abstraction has 411 states and 529 transitions. [2023-11-06 23:05:20,966 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.666666666666667) internal successors, (46), 5 states have internal predecessors, (46), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:05:20,966 INFO L276 IsEmpty]: Start isEmpty. Operand 411 states and 529 transitions. [2023-11-06 23:05:20,968 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2023-11-06 23:05:20,969 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:20,969 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:20,969 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2023-11-06 23:05:20,970 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:20,970 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:20,970 INFO L85 PathProgramCache]: Analyzing trace with hash 588246295, now seen corresponding path program 1 times [2023-11-06 23:05:20,971 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:20,971 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1844047165] [2023-11-06 23:05:20,971 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:20,971 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:20,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2023-11-06 23:05:21,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2023-11-06 23:05:21,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2023-11-06 23:05:21,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,179 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:05:21,180 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:21,180 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1844047165] [2023-11-06 23:05:21,180 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1844047165] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:21,180 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:21,181 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 23:05:21,181 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1905560631] [2023-11-06 23:05:21,181 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:21,182 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 23:05:21,182 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:21,183 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 23:05:21,183 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 23:05:21,183 INFO L87 Difference]: Start difference. First operand 411 states and 529 transitions. Second operand has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:05:21,420 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:21,420 INFO L93 Difference]: Finished difference Result 844 states and 1125 transitions. [2023-11-06 23:05:21,421 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2023-11-06 23:05:21,421 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 55 [2023-11-06 23:05:21,422 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:21,426 INFO L225 Difference]: With dead ends: 844 [2023-11-06 23:05:21,427 INFO L226 Difference]: Without dead ends: 441 [2023-11-06 23:05:21,430 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2023-11-06 23:05:21,431 INFO L413 NwaCegarLoop]: 106 mSDtfsCounter, 78 mSDsluCounter, 250 mSDsCounter, 0 mSdLazyCounter, 97 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 82 SdHoareTripleChecker+Valid, 356 SdHoareTripleChecker+Invalid, 120 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 97 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:21,432 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [82 Valid, 356 Invalid, 120 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 97 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2023-11-06 23:05:21,434 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 441 states. [2023-11-06 23:05:21,490 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 441 to 415. [2023-11-06 23:05:21,492 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 415 states, 316 states have (on average 1.2215189873417722) internal successors, (386), 330 states have internal predecessors, (386), 59 states have call successors, (59), 40 states have call predecessors, (59), 39 states have return successors, (88), 58 states have call predecessors, (88), 54 states have call successors, (88) [2023-11-06 23:05:21,496 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 415 states to 415 states and 533 transitions. [2023-11-06 23:05:21,497 INFO L78 Accepts]: Start accepts. Automaton has 415 states and 533 transitions. Word has length 55 [2023-11-06 23:05:21,497 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:21,497 INFO L495 AbstractCegarLoop]: Abstraction has 415 states and 533 transitions. [2023-11-06 23:05:21,498 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:05:21,498 INFO L276 IsEmpty]: Start isEmpty. Operand 415 states and 533 transitions. [2023-11-06 23:05:21,499 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2023-11-06 23:05:21,499 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:21,499 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:21,500 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2023-11-06 23:05:21,500 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:21,500 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:21,500 INFO L85 PathProgramCache]: Analyzing trace with hash 728794905, now seen corresponding path program 1 times [2023-11-06 23:05:21,501 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:21,501 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1434098865] [2023-11-06 23:05:21,501 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:21,501 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:21,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2023-11-06 23:05:21,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,595 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2023-11-06 23:05:21,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2023-11-06 23:05:21,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:21,628 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:05:21,629 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:21,629 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1434098865] [2023-11-06 23:05:21,629 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1434098865] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:21,629 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:21,629 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2023-11-06 23:05:21,630 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [571497105] [2023-11-06 23:05:21,630 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:21,630 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2023-11-06 23:05:21,631 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:21,631 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2023-11-06 23:05:21,632 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2023-11-06 23:05:21,632 INFO L87 Difference]: Start difference. First operand 415 states and 533 transitions. Second operand has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:05:22,040 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:22,040 INFO L93 Difference]: Finished difference Result 1251 states and 1714 transitions. [2023-11-06 23:05:22,041 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2023-11-06 23:05:22,041 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 55 [2023-11-06 23:05:22,042 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:22,051 INFO L225 Difference]: With dead ends: 1251 [2023-11-06 23:05:22,051 INFO L226 Difference]: Without dead ends: 817 [2023-11-06 23:05:22,056 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2023-11-06 23:05:22,057 INFO L413 NwaCegarLoop]: 158 mSDtfsCounter, 269 mSDsluCounter, 231 mSDsCounter, 0 mSdLazyCounter, 157 mSolverCounterSat, 87 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 276 SdHoareTripleChecker+Valid, 389 SdHoareTripleChecker+Invalid, 244 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 87 IncrementalHoareTripleChecker+Valid, 157 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:22,058 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [276 Valid, 389 Invalid, 244 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [87 Valid, 157 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2023-11-06 23:05:22,060 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 817 states. [2023-11-06 23:05:22,178 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 817 to 793. [2023-11-06 23:05:22,180 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 793 states, 596 states have (on average 1.2114093959731544) internal successors, (722), 624 states have internal predecessors, (722), 121 states have call successors, (121), 86 states have call predecessors, (121), 75 states have return successors, (200), 110 states have call predecessors, (200), 111 states have call successors, (200) [2023-11-06 23:05:22,191 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 793 states to 793 states and 1043 transitions. [2023-11-06 23:05:22,191 INFO L78 Accepts]: Start accepts. Automaton has 793 states and 1043 transitions. Word has length 55 [2023-11-06 23:05:22,192 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:22,192 INFO L495 AbstractCegarLoop]: Abstraction has 793 states and 1043 transitions. [2023-11-06 23:05:22,192 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.2) internal successors, (46), 4 states have internal predecessors, (46), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2023-11-06 23:05:22,192 INFO L276 IsEmpty]: Start isEmpty. Operand 793 states and 1043 transitions. [2023-11-06 23:05:22,195 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 60 [2023-11-06 23:05:22,195 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:22,195 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:22,195 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2023-11-06 23:05:22,196 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:22,196 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:22,196 INFO L85 PathProgramCache]: Analyzing trace with hash 1287141247, now seen corresponding path program 1 times [2023-11-06 23:05:22,197 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:22,197 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [487140759] [2023-11-06 23:05:22,197 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:22,197 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:22,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:22,499 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 23:05:22,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:22,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2023-11-06 23:05:22,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:22,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2023-11-06 23:05:22,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:22,567 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 51 [2023-11-06 23:05:22,569 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:22,571 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2023-11-06 23:05:22,572 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:22,572 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [487140759] [2023-11-06 23:05:22,572 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [487140759] provided 1 perfect and 0 imperfect interpolant sequences [2023-11-06 23:05:22,572 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2023-11-06 23:05:22,572 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2023-11-06 23:05:22,573 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1203804388] [2023-11-06 23:05:22,573 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2023-11-06 23:05:22,573 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2023-11-06 23:05:22,574 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:22,574 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2023-11-06 23:05:22,575 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2023-11-06 23:05:22,575 INFO L87 Difference]: Start difference. First operand 793 states and 1043 transitions. Second operand has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 23:05:23,829 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:23,830 INFO L93 Difference]: Finished difference Result 2082 states and 2934 transitions. [2023-11-06 23:05:23,831 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2023-11-06 23:05:23,831 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 59 [2023-11-06 23:05:23,833 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:23,849 INFO L225 Difference]: With dead ends: 2082 [2023-11-06 23:05:23,849 INFO L226 Difference]: Without dead ends: 1395 [2023-11-06 23:05:23,859 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 28 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 199 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=209, Invalid=661, Unknown=0, NotChecked=0, Total=870 [2023-11-06 23:05:23,861 INFO L413 NwaCegarLoop]: 144 mSDtfsCounter, 794 mSDsluCounter, 582 mSDsCounter, 0 mSdLazyCounter, 526 mSolverCounterSat, 287 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 802 SdHoareTripleChecker+Valid, 726 SdHoareTripleChecker+Invalid, 813 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 287 IncrementalHoareTripleChecker+Valid, 526 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:23,862 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [802 Valid, 726 Invalid, 813 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [287 Valid, 526 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2023-11-06 23:05:23,866 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1395 states. [2023-11-06 23:05:24,059 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1395 to 1158. [2023-11-06 23:05:24,062 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1158 states, 874 states have (on average 1.200228832951945) internal successors, (1049), 919 states have internal predecessors, (1049), 169 states have call successors, (169), 120 states have call predecessors, (169), 114 states have return successors, (269), 152 states have call predecessors, (269), 157 states have call successors, (269) [2023-11-06 23:05:24,076 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1158 states to 1158 states and 1487 transitions. [2023-11-06 23:05:24,077 INFO L78 Accepts]: Start accepts. Automaton has 1158 states and 1487 transitions. Word has length 59 [2023-11-06 23:05:24,077 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:24,078 INFO L495 AbstractCegarLoop]: Abstraction has 1158 states and 1487 transitions. [2023-11-06 23:05:24,078 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.8) internal successors, (48), 8 states have internal predecessors, (48), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2023-11-06 23:05:24,078 INFO L276 IsEmpty]: Start isEmpty. Operand 1158 states and 1487 transitions. [2023-11-06 23:05:24,082 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 101 [2023-11-06 23:05:24,083 INFO L187 NwaCegarLoop]: Found error trace [2023-11-06 23:05:24,083 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:24,083 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2023-11-06 23:05:24,084 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2023-11-06 23:05:24,084 INFO L145 PredicateUnifier]: Initialized classic predicate unifier [2023-11-06 23:05:24,084 INFO L85 PathProgramCache]: Analyzing trace with hash -1032451292, now seen corresponding path program 1 times [2023-11-06 23:05:24,084 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2023-11-06 23:05:24,085 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1324279837] [2023-11-06 23:05:24,085 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:24,085 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2023-11-06 23:05:24,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2023-11-06 23:05:24,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,393 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2023-11-06 23:05:24,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2023-11-06 23:05:24,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,441 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2023-11-06 23:05:24,445 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,456 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2023-11-06 23:05:24,458 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2023-11-06 23:05:24,477 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2023-11-06 23:05:24,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,482 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2023-11-06 23:05:24,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,486 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 17 proven. 9 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2023-11-06 23:05:24,487 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2023-11-06 23:05:24,487 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1324279837] [2023-11-06 23:05:24,487 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1324279837] provided 0 perfect and 1 imperfect interpolant sequences [2023-11-06 23:05:24,487 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [612865473] [2023-11-06 23:05:24,488 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2023-11-06 23:05:24,488 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 23:05:24,488 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 [2023-11-06 23:05:24,492 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2023-11-06 23:05:24,516 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2023-11-06 23:05:24,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2023-11-06 23:05:24,641 INFO L262 TraceCheckSpWp]: Trace formula consists of 346 conjuncts, 8 conjunts are in the unsatisfiable core [2023-11-06 23:05:24,656 INFO L285 TraceCheckSpWp]: Computing forward predicates... [2023-11-06 23:05:24,905 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 24 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2023-11-06 23:05:24,906 INFO L327 TraceCheckSpWp]: Computing backward predicates... [2023-11-06 23:05:25,216 INFO L134 CoverageAnalysis]: Checked inductivity of 33 backedges. 18 proven. 8 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2023-11-06 23:05:25,217 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [612865473] provided 0 perfect and 2 imperfect interpolant sequences [2023-11-06 23:05:25,217 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2023-11-06 23:05:25,217 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 6, 6] total 16 [2023-11-06 23:05:25,218 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1991609065] [2023-11-06 23:05:25,219 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2023-11-06 23:05:25,221 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 16 states [2023-11-06 23:05:25,221 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2023-11-06 23:05:25,222 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2023-11-06 23:05:25,223 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=38, Invalid=202, Unknown=0, NotChecked=0, Total=240 [2023-11-06 23:05:25,224 INFO L87 Difference]: Start difference. First operand 1158 states and 1487 transitions. Second operand has 16 states, 16 states have (on average 7.75) internal successors, (124), 11 states have internal predecessors, (124), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2023-11-06 23:05:27,268 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2023-11-06 23:05:27,268 INFO L93 Difference]: Finished difference Result 2574 states and 3406 transitions. [2023-11-06 23:05:27,269 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 35 states. [2023-11-06 23:05:27,269 INFO L78 Accepts]: Start accepts. Automaton has has 16 states, 16 states have (on average 7.75) internal successors, (124), 11 states have internal predecessors, (124), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) Word has length 100 [2023-11-06 23:05:27,270 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2023-11-06 23:05:27,271 INFO L225 Difference]: With dead ends: 2574 [2023-11-06 23:05:27,272 INFO L226 Difference]: Without dead ends: 0 [2023-11-06 23:05:27,290 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 266 GetRequests, 221 SyntacticMatches, 4 SemanticMatches, 41 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 440 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=313, Invalid=1493, Unknown=0, NotChecked=0, Total=1806 [2023-11-06 23:05:27,293 INFO L413 NwaCegarLoop]: 220 mSDtfsCounter, 488 mSDsluCounter, 1648 mSDsCounter, 0 mSdLazyCounter, 1383 mSolverCounterSat, 185 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 489 SdHoareTripleChecker+Valid, 1868 SdHoareTripleChecker+Invalid, 1568 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 185 IncrementalHoareTripleChecker+Valid, 1383 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2023-11-06 23:05:27,294 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [489 Valid, 1868 Invalid, 1568 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [185 Valid, 1383 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2023-11-06 23:05:27,295 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2023-11-06 23:05:27,295 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2023-11-06 23:05:27,296 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2023-11-06 23:05:27,296 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2023-11-06 23:05:27,296 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 100 [2023-11-06 23:05:27,297 INFO L84 Accepts]: Finished accepts. word is rejected. [2023-11-06 23:05:27,297 INFO L495 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2023-11-06 23:05:27,297 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 16 states, 16 states have (on average 7.75) internal successors, (124), 11 states have internal predecessors, (124), 5 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (16), 7 states have call predecessors, (16), 5 states have call successors, (16) [2023-11-06 23:05:27,298 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2023-11-06 23:05:27,298 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2023-11-06 23:05:27,302 INFO L805 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2023-11-06 23:05:27,315 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2023-11-06 23:05:27,509 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2023-11-06 23:05:27,512 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2023-11-06 23:05:44,789 INFO L899 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 352 359) no Hoare annotation was computed. [2023-11-06 23:05:44,790 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 352 359) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (< |old(~pumpRunning~0)| 1)) (.cse2 (= 0 ~systemActive~0))) (and (or (< 2 ~waterLevel~0) .cse0 (< ~switchedOnBeforeTS~0 1) .cse1 .cse2) (or .cse0 (not (= 2 ~waterLevel~0)) .cse1 .cse2))) [2023-11-06 23:05:44,790 INFO L899 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 352 359) no Hoare annotation was computed. [2023-11-06 23:05:44,790 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 267 273) no Hoare annotation was computed. [2023-11-06 23:05:44,791 INFO L902 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 267 273) the Hoare annotation is: true [2023-11-06 23:05:44,791 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 84 95) the Hoare annotation is: true [2023-11-06 23:05:44,791 INFO L899 garLoopResultBuilder]: For program point L88-1(lines 84 95) no Hoare annotation was computed. [2023-11-06 23:05:44,791 INFO L899 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 84 95) no Hoare annotation was computed. [2023-11-06 23:05:44,791 INFO L899 garLoopResultBuilder]: For program point cleanupEXIT(lines 895 924) no Hoare annotation was computed. [2023-11-06 23:05:44,792 INFO L902 garLoopResultBuilder]: At program point L920(lines 895 924) the Hoare annotation is: true [2023-11-06 23:05:44,792 INFO L899 garLoopResultBuilder]: For program point L916(line 916) no Hoare annotation was computed. [2023-11-06 23:05:44,792 INFO L899 garLoopResultBuilder]: For program point L909(lines 909 913) no Hoare annotation was computed. [2023-11-06 23:05:44,792 INFO L895 garLoopResultBuilder]: At program point L909-1(lines 909 913) the Hoare annotation is: (let ((.cse4 (= 0 ~systemActive~0))) (let ((.cse5 (= ~pumpRunning~0 0)) (.cse9 (<= ~waterLevel~0 2)) (.cse10 (<= 1 ~pumpRunning~0)) (.cse6 (not .cse4))) (let ((.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (and .cse10 (= 2 ~waterLevel~0) .cse6)) (.cse1 (and .cse10 .cse9 (<= 1 ~switchedOnBeforeTS~0) .cse6)) (.cse2 (< |old(~pumpRunning~0)| 1)) (.cse3 (and .cse5 .cse9 .cse6)) (.cse8 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 .cse1 (not (= |old(~waterLevel~0)| 2)) .cse2 .cse3 .cse4) (or (and .cse5 (= ~waterLevel~0 1) .cse6) .cse7 (not (= |old(~waterLevel~0)| 1)) .cse4) (or .cse0 .cse7 (and .cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1 .cse3 .cse8) (or .cse0 (< |old(~switchedOnBeforeTS~0)| 1) .cse1 .cse2 .cse3 .cse4 .cse8))))) [2023-11-06 23:05:44,793 INFO L899 garLoopResultBuilder]: For program point L906(line 906) no Hoare annotation was computed. [2023-11-06 23:05:44,793 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 895 924) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (< 2 |old(~waterLevel~0)|)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5) (or (and (= ~pumpRunning~0 0) .cse3 .cse4) (not (= |old(~pumpRunning~0)| 0)) .cse5) (or (and .cse2 (= 2 ~waterLevel~0) .cse3) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1))) [2023-11-06 23:05:44,793 INFO L895 garLoopResultBuilder]: At program point L905-2(lines 905 919) the Hoare annotation is: (let ((.cse4 (= 0 ~systemActive~0))) (let ((.cse5 (= ~pumpRunning~0 0)) (.cse9 (<= ~waterLevel~0 2)) (.cse10 (<= 1 ~pumpRunning~0)) (.cse6 (not .cse4))) (let ((.cse7 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (and .cse10 (= 2 ~waterLevel~0) .cse6)) (.cse1 (and .cse10 .cse9 (<= 1 ~switchedOnBeforeTS~0) .cse6)) (.cse2 (< |old(~pumpRunning~0)| 1)) (.cse3 (and .cse5 .cse9 .cse6)) (.cse8 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 .cse1 (not (= |old(~waterLevel~0)| 2)) .cse2 .cse3 .cse4) (or (and .cse5 (= ~waterLevel~0 1) .cse6) .cse7 (not (= |old(~waterLevel~0)| 1)) .cse4) (or .cse0 .cse7 (and .cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1 .cse3 .cse8) (or .cse0 (< |old(~switchedOnBeforeTS~0)| 1) .cse1 .cse2 .cse3 .cse4 .cse8))))) [2023-11-06 23:05:44,794 INFO L895 garLoopResultBuilder]: At program point L901(line 901) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (< 2 |old(~waterLevel~0)|)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5) (or (and (= ~pumpRunning~0 0) .cse3 .cse4) (not (= |old(~pumpRunning~0)| 0)) .cse5) (or (and .cse2 (= 2 ~waterLevel~0) .cse3) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1))) [2023-11-06 23:05:44,794 INFO L899 garLoopResultBuilder]: For program point L901-1(line 901) no Hoare annotation was computed. [2023-11-06 23:05:44,794 INFO L899 garLoopResultBuilder]: For program point L64(lines 64 68) no Hoare annotation was computed. [2023-11-06 23:05:44,795 INFO L895 garLoopResultBuilder]: At program point L320(line 320) the Hoare annotation is: (let ((.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0)) (.cse2 (< 2 |old(~waterLevel~0)|))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 .cse2) (or (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0) (not .cse1)) .cse2))) [2023-11-06 23:05:44,795 INFO L895 garLoopResultBuilder]: At program point L320-1(lines 301 325) the Hoare annotation is: (let ((.cse2 (= |old(~waterLevel~0)| 2)) (.cse0 (= ~pumpRunning~0 0)) (.cse8 (< |old(~pumpRunning~0)| 1)) (.cse4 (= 0 ~systemActive~0)) (.cse3 (< 2 |old(~waterLevel~0)|)) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= 1 ~switchedOnBeforeTS~0))) (and (let ((.cse1 (not .cse4))) (or (not (= |old(~pumpRunning~0)| 0)) (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) .cse1) (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) .cse1 .cse2) .cse3)) (let ((.cse6 (= ~waterLevel~0 1))) (or (and .cse5 .cse6 .cse7) (not .cse2) .cse8 .cse4 (and .cse0 .cse6 .cse7))) (let ((.cse9 (<= ~waterLevel~0 2))) (or (< |old(~switchedOnBeforeTS~0)| 1) (and .cse0 .cse9 .cse7) .cse8 .cse4 .cse3 (and .cse5 .cse9 .cse7))))) [2023-11-06 23:05:44,795 INFO L895 garLoopResultBuilder]: At program point L64-2(lines 60 71) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0)) (.cse2 (< 2 |old(~waterLevel~0)|))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4)) (or (and .cse3 (= ~waterLevel~0 1) .cse4) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse2))) [2023-11-06 23:05:44,796 INFO L899 garLoopResultBuilder]: For program point L254-1(lines 254 260) no Hoare annotation was computed. [2023-11-06 23:05:44,796 INFO L899 garLoopResultBuilder]: For program point L444(lines 444 448) no Hoare annotation was computed. [2023-11-06 23:05:44,796 INFO L899 garLoopResultBuilder]: For program point L444-2(lines 444 448) no Hoare annotation was computed. [2023-11-06 23:05:44,796 INFO L895 garLoopResultBuilder]: At program point isLowWaterSensorDry_returnLabel#1(lines 151 159) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0)) (.cse2 (< 2 |old(~waterLevel~0)|))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4)) (or (and .cse3 (= ~waterLevel~0 1) .cse4) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse2))) [2023-11-06 23:05:44,797 INFO L895 garLoopResultBuilder]: At program point L874(line 874) the Hoare annotation is: (let ((.cse1 (not (= |old(~waterLevel~0)| 2))) (.cse5 (< |old(~pumpRunning~0)| 1)) (.cse6 (= 0 ~systemActive~0)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (= ~pumpRunning~0 0)) (.cse9 (< 2 |old(~waterLevel~0)|))) (and (or .cse0 .cse1) (let ((.cse3 (= ~waterLevel~0 1))) (or (and .cse2 .cse3 .cse4) .cse1 .cse5 .cse6 (and .cse7 .cse3 .cse4))) (let ((.cse8 (<= ~waterLevel~0 2))) (or (< |old(~switchedOnBeforeTS~0)| 1) (and .cse7 .cse8 .cse4) .cse5 .cse6 .cse9 (and .cse2 .cse8 .cse4))) (or .cse0 (and .cse7 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse9))) [2023-11-06 23:05:44,797 INFO L899 garLoopResultBuilder]: For program point L874-1(line 874) no Hoare annotation was computed. [2023-11-06 23:05:44,797 INFO L899 garLoopResultBuilder]: For program point timeShiftFINAL(lines 240 266) no Hoare annotation was computed. [2023-11-06 23:05:44,797 INFO L899 garLoopResultBuilder]: For program point L247(lines 247 253) no Hoare annotation was computed. [2023-11-06 23:05:44,798 INFO L895 garLoopResultBuilder]: At program point getWaterLevel_returnLabel#1(lines 128 136) the Hoare annotation is: (let ((.cse3 (= |old(~waterLevel~0)| 2))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (not .cse3)) (.cse1 (= ~pumpRunning~0 0)) (.cse9 (< |old(~pumpRunning~0)| 1)) (.cse2 (= 0 ~systemActive~0)) (.cse4 (< 2 |old(~waterLevel~0)|)) (.cse5 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse7 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) (not .cse2) .cse3) .cse4) (let ((.cse6 (= ~waterLevel~0 1))) (or (and .cse5 .cse6 .cse7) .cse8 .cse9 .cse2 (and .cse1 .cse6 .cse7))) (or .cse0 (= 2 |timeShift_getWaterLevel_#res#1|) .cse8) (let ((.cse10 (<= ~waterLevel~0 2))) (or (< |old(~switchedOnBeforeTS~0)| 1) (and .cse1 .cse10 .cse7) .cse9 .cse2 .cse4 (and .cse5 .cse10 .cse7)))))) [2023-11-06 23:05:44,798 INFO L899 garLoopResultBuilder]: For program point L247-2(lines 243 265) no Hoare annotation was computed. [2023-11-06 23:05:44,798 INFO L899 garLoopResultBuilder]: For program point L309(lines 309 317) no Hoare annotation was computed. [2023-11-06 23:05:44,799 INFO L899 garLoopResultBuilder]: For program point L305(lines 305 322) no Hoare annotation was computed. [2023-11-06 23:05:44,799 INFO L895 garLoopResultBuilder]: At program point L859(line 859) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (< 2 |old(~waterLevel~0)|)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5) (or (and (= ~pumpRunning~0 0) .cse3 .cse4) (not (= |old(~pumpRunning~0)| 0)) .cse5) (or (and .cse2 (= 2 ~waterLevel~0) .cse3) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1))) [2023-11-06 23:05:44,799 INFO L899 garLoopResultBuilder]: For program point L859-1(line 859) no Hoare annotation was computed. [2023-11-06 23:05:44,799 INFO L899 garLoopResultBuilder]: For program point L876(lines 876 886) no Hoare annotation was computed. [2023-11-06 23:05:44,800 INFO L895 garLoopResultBuilder]: At program point __automaton_fail_returnLabel#1(lines 836 843) the Hoare annotation is: (let ((.cse0 (< 2 |old(~waterLevel~0)|)) (.cse1 (< |old(~pumpRunning~0)| 1)) (.cse2 (= 0 ~systemActive~0))) (and (or (not (= |old(~pumpRunning~0)| 0)) .cse0) (or (< |old(~switchedOnBeforeTS~0)| 1) .cse1 .cse2 .cse0) (or (not (= |old(~waterLevel~0)| 2)) .cse1 .cse2))) [2023-11-06 23:05:44,800 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 240 266) the Hoare annotation is: (let ((.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (< 2 |old(~waterLevel~0)|)) (.cse2 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 (and .cse2 .cse3 .cse4) .cse5) (or (and (= ~pumpRunning~0 0) .cse3 .cse4) (not (= |old(~pumpRunning~0)| 0)) .cse5) (or (and .cse2 (= 2 ~waterLevel~0) .cse3) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1))) [2023-11-06 23:05:44,800 INFO L899 garLoopResultBuilder]: For program point L872(lines 872 889) no Hoare annotation was computed. [2023-11-06 23:05:44,801 INFO L895 garLoopResultBuilder]: At program point L872-1(lines 864 892) the Hoare annotation is: (let ((.cse10 (= 0 ~systemActive~0)) (.cse3 (= |old(~waterLevel~0)| 2))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse8 (not .cse3)) (.cse1 (= ~pumpRunning~0 0)) (.cse2 (not .cse10)) (.cse9 (< |old(~pumpRunning~0)| 1)) (.cse4 (< 2 |old(~waterLevel~0)|)) (.cse7 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse6 (<= 1 ~switchedOnBeforeTS~0))) (and (or .cse0 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0) .cse2 .cse3) .cse4) (let ((.cse5 (= ~waterLevel~0 1))) (or (and .cse1 .cse5 .cse6 .cse2) (and .cse7 .cse5 .cse6) .cse8 .cse9 .cse10)) (or .cse0 .cse8 (and (= 2 |timeShift_getWaterLevel_#res#1|) (= |timeShift___utac_acc__Specification5_spec__3_~tmp~9#1| 2))) (let ((.cse11 (<= ~waterLevel~0 2))) (or (< |old(~switchedOnBeforeTS~0)| 1) (and .cse1 .cse11 .cse6 .cse2) .cse9 .cse10 .cse4 (and .cse7 .cse11 .cse6)))))) [2023-11-06 23:05:44,801 INFO L895 garLoopResultBuilder]: At program point isLowWaterLevel_returnLabel#1(lines 435 453) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0)) (.cse2 (< 2 |old(~waterLevel~0)|))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4)) (or (and .cse3 (= ~waterLevel~0 1) .cse4) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse2))) [2023-11-06 23:05:44,801 INFO L895 garLoopResultBuilder]: At program point L315(line 315) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0)) (.cse2 (< 2 |old(~waterLevel~0)|))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4)) (or (and .cse3 (= ~waterLevel~0 1) .cse4) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse2))) [2023-11-06 23:05:44,802 INFO L895 garLoopResultBuilder]: At program point L311(line 311) the Hoare annotation is: (let ((.cse3 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse4 (<= 1 ~switchedOnBeforeTS~0)) (.cse0 (< |old(~pumpRunning~0)| 1)) (.cse1 (= 0 ~systemActive~0)) (.cse2 (< 2 |old(~waterLevel~0)|))) (and (or (< |old(~switchedOnBeforeTS~0)| 1) .cse0 .cse1 .cse2 (and .cse3 (<= ~waterLevel~0 2) .cse4)) (or (and .cse3 (= ~waterLevel~0 1) .cse4) (not (= |old(~waterLevel~0)| 2)) .cse0 .cse1) (or (not (= |old(~pumpRunning~0)| 0)) .cse2))) [2023-11-06 23:05:44,802 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__2_returnLabel#1(lines 854 863) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse1 (<= 1 ~switchedOnBeforeTS~0)) (.cse2 (< |old(~pumpRunning~0)| 1)) (.cse3 (= 0 ~systemActive~0)) (.cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse5 (< 2 |old(~waterLevel~0)|))) (and (or (and .cse0 (= 2 ~waterLevel~0) .cse1) (not (= |old(~waterLevel~0)| 2)) .cse2 .cse3) (or (and .cse0 .cse4 .cse1) (< |old(~switchedOnBeforeTS~0)| 1) .cse2 .cse3 .cse5) (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) .cse4) .cse5))) [2023-11-06 23:05:44,802 INFO L899 garLoopResultBuilder]: For program point L877(lines 877 883) no Hoare annotation was computed. [2023-11-06 23:05:44,803 INFO L899 garLoopResultBuilder]: For program point timeShiftEXIT(lines 240 266) no Hoare annotation was computed. [2023-11-06 23:05:44,803 INFO L899 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 840) no Hoare annotation was computed. [2023-11-06 23:05:44,803 INFO L899 garLoopResultBuilder]: For program point L840(line 840) no Hoare annotation was computed. [2023-11-06 23:05:44,803 INFO L902 garLoopResultBuilder]: At program point L225(lines 164 229) the Hoare annotation is: true [2023-11-06 23:05:44,803 INFO L899 garLoopResultBuilder]: For program point L184(lines 184 190) no Hoare annotation was computed. [2023-11-06 23:05:44,804 INFO L899 garLoopResultBuilder]: For program point L184-1(lines 184 190) no Hoare annotation was computed. [2023-11-06 23:05:44,804 INFO L899 garLoopResultBuilder]: For program point L176(lines 176 180) no Hoare annotation was computed. [2023-11-06 23:05:44,804 INFO L902 garLoopResultBuilder]: At program point runTest_returnLabel#1(lines 956 966) the Hoare annotation is: true [2023-11-06 23:05:44,804 INFO L895 garLoopResultBuilder]: At program point select_features_returnLabel#1(lines 1005 1011) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:05:44,805 INFO L902 garLoopResultBuilder]: At program point main_returnLabel#1(lines 970 992) the Hoare annotation is: true [2023-11-06 23:05:44,805 INFO L899 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2023-11-06 23:05:44,805 INFO L895 garLoopResultBuilder]: At program point L222(lines 173 223) the Hoare annotation is: (let ((.cse2 (<= ~waterLevel~0 2)) (.cse5 (= ~pumpRunning~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0) .cse3 .cse4) (and .cse5 .cse1 .cse2 .cse3) (and .cse5 (= ~waterLevel~0 1)) (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse3 .cse4))) [2023-11-06 23:05:44,805 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2023-11-06 23:05:44,805 INFO L899 garLoopResultBuilder]: For program point L210(lines 210 216) no Hoare annotation was computed. [2023-11-06 23:05:44,806 INFO L895 garLoopResultBuilder]: At program point L210-2(lines 204 217) the Hoare annotation is: (let ((.cse2 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0) .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse3 .cse4))) [2023-11-06 23:05:44,806 INFO L899 garLoopResultBuilder]: For program point L458(lines 458 464) no Hoare annotation was computed. [2023-11-06 23:05:44,806 INFO L895 garLoopResultBuilder]: At program point setup_returnLabel#1(lines 949 955) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= 1 ~systemActive~0) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~10#1| 1)) [2023-11-06 23:05:44,806 INFO L899 garLoopResultBuilder]: For program point L458-1(lines 458 464) no Hoare annotation was computed. [2023-11-06 23:05:44,807 INFO L899 garLoopResultBuilder]: For program point L194(lines 194 200) no Hoare annotation was computed. [2023-11-06 23:05:44,807 INFO L899 garLoopResultBuilder]: For program point L194-1(lines 194 200) no Hoare annotation was computed. [2023-11-06 23:05:44,807 INFO L899 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2023-11-06 23:05:44,807 INFO L895 garLoopResultBuilder]: At program point L219(lines 174 221) the Hoare annotation is: (let ((.cse2 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0) .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse3 .cse4))) [2023-11-06 23:05:44,807 INFO L895 garLoopResultBuilder]: At program point L186(line 186) the Hoare annotation is: (let ((.cse2 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0) .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse3 .cse4))) [2023-11-06 23:05:44,808 INFO L895 garLoopResultBuilder]: At program point __utac_acc__Specification5_spec__1_returnLabel#1(lines 846 853) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= 1 ~systemActive~0) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~10#1| 1)) [2023-11-06 23:05:44,808 INFO L899 garLoopResultBuilder]: For program point $Ultimate##0(line -1) no Hoare annotation was computed. [2023-11-06 23:05:44,808 INFO L895 garLoopResultBuilder]: At program point select_helpers_returnLabel#1(lines 1012 1018) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:05:44,808 INFO L899 garLoopResultBuilder]: For program point L980(lines 980 987) no Hoare annotation was computed. [2023-11-06 23:05:44,809 INFO L895 garLoopResultBuilder]: At program point stopSystem_returnLabel#1(lines 454 468) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (<= ~waterLevel~0 2) (= |ULTIMATE.start_main_~tmp~10#1| 1)) [2023-11-06 23:05:44,809 INFO L899 garLoopResultBuilder]: For program point L980-2(lines 980 987) no Hoare annotation was computed. [2023-11-06 23:05:44,809 INFO L899 garLoopResultBuilder]: For program point L175(lines 174 221) no Hoare annotation was computed. [2023-11-06 23:05:44,809 INFO L899 garLoopResultBuilder]: For program point L204(lines 204 217) no Hoare annotation was computed. [2023-11-06 23:05:44,809 INFO L895 garLoopResultBuilder]: At program point L460(line 460) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse2 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse3 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 (<= ~waterLevel~0 2) (<= 1 ~switchedOnBeforeTS~0) .cse2 .cse3) (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse2 .cse3))) [2023-11-06 23:05:44,810 INFO L895 garLoopResultBuilder]: At program point valid_product_returnLabel#1(lines 1019 1027) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2023-11-06 23:05:44,810 INFO L895 garLoopResultBuilder]: At program point L196(line 196) the Hoare annotation is: (let ((.cse2 (<= ~waterLevel~0 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| 1)) (.cse3 (= |ULTIMATE.start_main_~tmp~10#1| 1)) (.cse4 (not (= 0 ~systemActive~0)))) (or (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0) .cse3 .cse4) (and (= ~pumpRunning~0 0) .cse1 .cse2 .cse3) (and .cse0 (= 2 ~waterLevel~0) .cse1 .cse3 .cse4))) [2023-11-06 23:05:44,810 INFO L895 garLoopResultBuilder]: At program point L289(line 289) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~1#1| 0)) .cse1))) [2023-11-06 23:05:44,810 INFO L899 garLoopResultBuilder]: For program point L283(lines 283 291) no Hoare annotation was computed. [2023-11-06 23:05:44,811 INFO L899 garLoopResultBuilder]: For program point L279(lines 279 296) no Hoare annotation was computed. [2023-11-06 23:05:44,811 INFO L899 garLoopResultBuilder]: For program point L141(lines 141 147) no Hoare annotation was computed. [2023-11-06 23:05:44,811 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 275 299) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) .cse1))) [2023-11-06 23:05:44,811 INFO L895 garLoopResultBuilder]: At program point L294(line 294) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|) (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) .cse1))) [2023-11-06 23:05:44,812 INFO L899 garLoopResultBuilder]: For program point L294-1(lines 275 299) no Hoare annotation was computed. [2023-11-06 23:05:44,812 INFO L895 garLoopResultBuilder]: At program point isHighWaterSensorDry_returnLabel#1(lines 137 150) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (let ((.cse2 (= ~pumpRunning~0 0))) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (and .cse2 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 1)) (and .cse2 (= 2 ~waterLevel~0)) .cse1)))) [2023-11-06 23:05:44,812 INFO L895 garLoopResultBuilder]: At program point isHighWaterLevel_returnLabel#1(lines 416 434) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse2 (= 0 ~systemActive~0))) (and (let ((.cse1 (= ~pumpRunning~0 0))) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (and .cse1 (= 2 ~waterLevel~0)) (and .cse1 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)) .cse2)) (or .cse0 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse2))) [2023-11-06 23:05:44,812 INFO L899 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 275 299) no Hoare annotation was computed. [2023-11-06 23:05:44,813 INFO L899 garLoopResultBuilder]: For program point L342(lines 342 348) no Hoare annotation was computed. [2023-11-06 23:05:44,813 INFO L895 garLoopResultBuilder]: At program point L342-2(lines 335 351) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (let ((.cse2 (= 2 ~waterLevel~0))) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) .cse2) (and (= ~pumpRunning~0 0) .cse2) .cse1)))) [2023-11-06 23:05:44,813 INFO L895 garLoopResultBuilder]: At program point isMethaneLevelCritical_returnLabel#1(lines 96 104) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= 2 ~waterLevel~0)) .cse1))) [2023-11-06 23:05:44,813 INFO L895 garLoopResultBuilder]: At program point isMethaneAlarm_returnLabel#1(lines 360 370) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= 2 ~waterLevel~0)) .cse1))) [2023-11-06 23:05:44,814 INFO L899 garLoopResultBuilder]: For program point L425(lines 425 429) no Hoare annotation was computed. [2023-11-06 23:05:44,814 INFO L899 garLoopResultBuilder]: For program point L425-2(lines 425 429) no Hoare annotation was computed. [2023-11-06 23:05:44,814 INFO L895 garLoopResultBuilder]: At program point activatePump__wrappee__lowWaterSensor_returnLabel#1(lines 326 333) the Hoare annotation is: (let ((.cse0 (< 2 ~waterLevel~0)) (.cse1 (= 0 ~systemActive~0))) (and (or .cse0 (< ~switchedOnBeforeTS~0 1) (< |old(~pumpRunning~0)| 1) .cse1) (or .cse0 (not (= |old(~pumpRunning~0)| 0)) (and (<= 1 ~pumpRunning~0) (= 2 ~waterLevel~0)) .cse1))) [2023-11-06 23:05:44,814 INFO L899 garLoopResultBuilder]: For program point waterRiseEXIT(lines 72 83) no Hoare annotation was computed. [2023-11-06 23:05:44,814 INFO L899 garLoopResultBuilder]: For program point L76-1(lines 72 83) no Hoare annotation was computed. [2023-11-06 23:05:44,815 INFO L895 garLoopResultBuilder]: At program point $Ultimate##0(lines 72 83) the Hoare annotation is: (let ((.cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (< 2 |old(~waterLevel~0)|)) (.cse0 (< ~pumpRunning~0 1)) (.cse2 (= 0 ~systemActive~0))) (and (or .cse0 (< ~switchedOnBeforeTS~0 1) .cse1 .cse2 .cse3) (or (not (= ~pumpRunning~0 0)) .cse1 .cse3) (or .cse0 (= 2 ~waterLevel~0) (not (= |old(~waterLevel~0)| 2)) .cse2))) [2023-11-06 23:05:44,815 INFO L899 garLoopResultBuilder]: For program point isPumpRunningEXIT(lines 371 379) no Hoare annotation was computed. [2023-11-06 23:05:44,815 INFO L899 garLoopResultBuilder]: For program point isPumpRunningFINAL(lines 371 379) no Hoare annotation was computed. [2023-11-06 23:05:44,815 INFO L902 garLoopResultBuilder]: At program point $Ultimate##0(lines 371 379) the Hoare annotation is: true [2023-11-06 23:05:44,818 INFO L445 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1] [2023-11-06 23:05:44,821 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2023-11-06 23:05:44,872 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 06.11 11:05:44 BoogieIcfgContainer [2023-11-06 23:05:44,873 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2023-11-06 23:05:44,873 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2023-11-06 23:05:44,874 INFO L270 PluginConnector]: Initializing Witness Printer... [2023-11-06 23:05:44,874 INFO L274 PluginConnector]: Witness Printer initialized [2023-11-06 23:05:44,875 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 06.11 11:05:17" (3/4) ... [2023-11-06 23:05:44,877 INFO L137 WitnessPrinter]: Generating witness for correct program [2023-11-06 23:05:44,882 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2023-11-06 23:05:44,883 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2023-11-06 23:05:44,883 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2023-11-06 23:05:44,883 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2023-11-06 23:05:44,883 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2023-11-06 23:05:44,884 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2023-11-06 23:05:44,884 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2023-11-06 23:05:44,884 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2023-11-06 23:05:44,895 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 17 nodes and edges [2023-11-06 23:05:44,896 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2023-11-06 23:05:44,897 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2023-11-06 23:05:44,898 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 23:05:44,899 INFO L939 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2023-11-06 23:05:44,934 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 23:05:44,935 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) && (tmp == 1)) [2023-11-06 23:05:44,935 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) && (tmp == 1)) [2023-11-06 23:05:44,936 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning) && (\result == 1)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (tmp == 1)) && !((0 == systemActive))) || ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1))) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && !((0 == systemActive)))) [2023-11-06 23:05:44,936 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((1 <= pumpRunning) && (\result == 1)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (tmp == 1)) && !((0 == systemActive))) || ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1))) || ((pumpRunning == 0) && (waterLevel == 1))) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && !((0 == systemActive)))) [2023-11-06 23:05:44,937 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (0 == systemActive)) && ((((((pumpRunning == 0) && (waterLevel == 1)) && !((0 == systemActive))) || !((\old(pumpRunning) == 0))) || !((\old(waterLevel) == 1))) || (0 == systemActive))) && ((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (2 < \old(waterLevel)))) && (((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || (\old(switchedOnBeforeTS) < 1)) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (0 == systemActive)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,937 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,938 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,939 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && ((((((((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || ((2 == \result) && (tmp == 2)))) && ((((((\old(switchedOnBeforeTS) < 1) || ((((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:05:44,939 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && !((0 == systemActive)))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((((((\old(switchedOnBeforeTS) < 1) || (((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:05:44,940 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel))) && ((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 23:05:44,941 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1)) [2023-11-06 23:05:44,941 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || (2 == \result)) || !((\old(waterLevel) == 2)))) && ((((((\old(switchedOnBeforeTS) < 1) || (((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:05:44,941 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,942 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 1))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,942 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,943 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) || (0 == systemActive)) && ((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 23:05:44,943 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,944 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,944 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,944 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,988 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) [2023-11-06 23:05:44,988 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) && (tmp == 1)) [2023-11-06 23:05:44,988 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) && (tmp == 1)) [2023-11-06 23:05:44,989 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((1 <= pumpRunning) && (\result == 1)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (tmp == 1)) && !((0 == systemActive))) || ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1))) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && !((0 == systemActive)))) [2023-11-06 23:05:44,989 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((1 <= pumpRunning) && (\result == 1)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (tmp == 1)) && !((0 == systemActive))) || ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1))) || ((pumpRunning == 0) && (waterLevel == 1))) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && !((0 == systemActive)))) [2023-11-06 23:05:44,989 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (0 == systemActive)) && ((((((pumpRunning == 0) && (waterLevel == 1)) && !((0 == systemActive))) || !((\old(pumpRunning) == 0))) || !((\old(waterLevel) == 1))) || (0 == systemActive))) && ((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (2 < \old(waterLevel)))) && (((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || (\old(switchedOnBeforeTS) < 1)) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (0 == systemActive)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,990 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,990 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,990 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && ((((((((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || ((2 == \result) && (tmp == 2)))) && ((((((\old(switchedOnBeforeTS) < 1) || ((((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:05:44,991 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((!((\old(pumpRunning) == 0)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && !((0 == systemActive)))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((((((\old(switchedOnBeforeTS) < 1) || (((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:05:44,991 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel))) && ((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 23:05:44,991 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1)) [2023-11-06 23:05:44,992 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || (2 == \result)) || !((\old(waterLevel) == 2)))) && ((((((\old(switchedOnBeforeTS) < 1) || (((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) [2023-11-06 23:05:44,992 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,992 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 1))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,993 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) [2023-11-06 23:05:44,993 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) || (0 == systemActive)) && ((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) [2023-11-06 23:05:44,993 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,994 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,994 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:44,994 WARN L115 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || (0 == systemActive))) [2023-11-06 23:05:45,011 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.graphml [2023-11-06 23:05:45,012 INFO L149 WitnessManager]: Wrote witness to /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/witness.graphml.yaml [2023-11-06 23:05:45,012 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2023-11-06 23:05:45,013 INFO L158 Benchmark]: Toolchain (without parser) took 29274.97ms. Allocated memory was 155.2MB in the beginning and 648.0MB in the end (delta: 492.8MB). Free memory was 110.1MB in the beginning and 502.7MB in the end (delta: -392.7MB). Peak memory consumption was 102.0MB. Max. memory is 16.1GB. [2023-11-06 23:05:45,014 INFO L158 Benchmark]: CDTParser took 0.36ms. Allocated memory is still 113.2MB. Free memory is still 69.4MB. There was no memory consumed. Max. memory is 16.1GB. [2023-11-06 23:05:45,014 INFO L158 Benchmark]: CACSL2BoogieTranslator took 621.18ms. Allocated memory is still 155.2MB. Free memory was 109.8MB in the beginning and 90.2MB in the end (delta: 19.7MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. [2023-11-06 23:05:45,015 INFO L158 Benchmark]: Boogie Procedure Inliner took 81.66ms. Allocated memory is still 155.2MB. Free memory was 90.2MB in the beginning and 87.8MB in the end (delta: 2.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 23:05:45,015 INFO L158 Benchmark]: Boogie Preprocessor took 57.20ms. Allocated memory is still 155.2MB. Free memory was 87.8MB in the beginning and 86.0MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2023-11-06 23:05:45,016 INFO L158 Benchmark]: RCFGBuilder took 837.07ms. Allocated memory is still 155.2MB. Free memory was 86.0MB in the beginning and 68.5MB in the end (delta: 17.5MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2023-11-06 23:05:45,016 INFO L158 Benchmark]: TraceAbstraction took 27522.37ms. Allocated memory was 155.2MB in the beginning and 648.0MB in the end (delta: 492.8MB). Free memory was 67.5MB in the beginning and 511.1MB in the end (delta: -443.6MB). Peak memory consumption was 341.1MB. Max. memory is 16.1GB. [2023-11-06 23:05:45,017 INFO L158 Benchmark]: Witness Printer took 139.09ms. Allocated memory is still 648.0MB. Free memory was 511.1MB in the beginning and 502.7MB in the end (delta: 8.4MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2023-11-06 23:05:45,019 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.36ms. Allocated memory is still 113.2MB. Free memory is still 69.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 621.18ms. Allocated memory is still 155.2MB. Free memory was 109.8MB in the beginning and 90.2MB in the end (delta: 19.7MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 81.66ms. Allocated memory is still 155.2MB. Free memory was 90.2MB in the beginning and 87.8MB in the end (delta: 2.4MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 57.20ms. Allocated memory is still 155.2MB. Free memory was 87.8MB in the beginning and 86.0MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 837.07ms. Allocated memory is still 155.2MB. Free memory was 86.0MB in the beginning and 68.5MB in the end (delta: 17.5MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 27522.37ms. Allocated memory was 155.2MB in the beginning and 648.0MB in the end (delta: 492.8MB). Free memory was 67.5MB in the beginning and 511.1MB in the end (delta: -443.6MB). Peak memory consumption was 341.1MB. Max. memory is 16.1GB. * Witness Printer took 139.09ms. Allocated memory is still 648.0MB. Free memory was 511.1MB in the beginning and 502.7MB in the end (delta: 8.4MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [49] - GenericResultAtLocation [Line: 160]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [160] - GenericResultAtLocation [Line: 230]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [230] - GenericResultAtLocation [Line: 469]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [469] - GenericResultAtLocation [Line: 835]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [835] - GenericResultAtLocation [Line: 844]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [844] - GenericResultAtLocation [Line: 893]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [893] - GenericResultAtLocation [Line: 993]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [993] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 840]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 103 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 27.4s, OverallIterations: 9, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.1s, AutomataDifference: 5.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 17.3s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2387 SdHoareTripleChecker+Valid, 3.0s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2358 mSDsluCounter, 5353 SdHoareTripleChecker+Invalid, 2.5s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4082 mSDsCounter, 732 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 2613 IncrementalHoareTripleChecker+Invalid, 3345 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 732 mSolverCounterUnsat, 1271 mSDtfsCounter, 2613 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 395 GetRequests, 285 SyntacticMatches, 4 SemanticMatches, 106 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 651 ImplicationChecksByTransitivity, 1.3s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1158occurred in iteration=8, InterpolantAutomatonStates: 103, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.8s AutomataMinimizationTime, 9 MinimizatonAttempts, 371 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 48 LocationsWithAnnotation, 4922 PreInvPairs, 6834 NumberOfFragments, 2172 HoareAnnotationTreeSize, 4922 FomulaSimplifications, 180795 FormulaSimplificationTreeSizeReduction, 6.9s HoareSimplificationTime, 48 FomulaSimplificationsInter, 47172 FormulaSimplificationTreeSizeReductionInter, 10.1s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 2.6s InterpolantComputationTime, 581 NumberOfCodeBlocks, 581 NumberOfCodeBlocksAsserted, 10 NumberOfCheckSat, 670 ConstructedInterpolants, 0 QuantifiedInterpolants, 1305 SizeOfPredicates, 3 NumberOfNonLiveVariables, 346 ConjunctsInSsa, 8 ConjunctsInUnsatCore, 11 InterpolantComputations, 8 PerfectInterpolantSequences, 97/123 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 949]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) && (tmp == 1)) - InvariantResult [Line: 326]: Loop Invariant Derived loop invariant: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || (0 == systemActive))) - InvariantResult [Line: 1005]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 164]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 435]: Loop Invariant Derived loop invariant: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) - InvariantResult [Line: 864]: Loop Invariant Derived loop invariant: ((((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && ((((((((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && ((!((\old(pumpRunning) == 0)) || !((\old(waterLevel) == 2))) || ((2 == \result) && (tmp == 2)))) && ((((((\old(switchedOnBeforeTS) < 1) || ((((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) - InvariantResult [Line: 137]: Loop Invariant Derived loop invariant: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\result == 1))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) - InvariantResult [Line: 151]: Loop Invariant Derived loop invariant: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) - InvariantResult [Line: 416]: Loop Invariant Derived loop invariant: ((((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (((pumpRunning == 0) && (tmp___0 == 0)) && (\result == 0))) || (0 == systemActive)) && ((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 956]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 173]: Loop Invariant Derived loop invariant: (((((((((1 <= pumpRunning) && (\result == 1)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (tmp == 1)) && !((0 == systemActive))) || ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1))) || ((pumpRunning == 0) && (waterLevel == 1))) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && !((0 == systemActive)))) - InvariantResult [Line: 895]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 846]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) && (tmp == 1)) - InvariantResult [Line: 454]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1)) - InvariantResult [Line: 836]: Loop Invariant Derived loop invariant: (((!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel))) && ((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((!((\old(waterLevel) == 2)) || (\old(pumpRunning) < 1)) || (0 == systemActive))) - InvariantResult [Line: 301]: Loop Invariant Derived loop invariant: (((((!((\old(pumpRunning) == 0)) || (((pumpRunning == 0) && (\old(waterLevel) == waterLevel)) && !((0 == systemActive)))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((((((\old(switchedOnBeforeTS) < 1) || (((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) - InvariantResult [Line: 905]: Loop Invariant Derived loop invariant: (((((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (0 == systemActive)) && ((((((pumpRunning == 0) && (waterLevel == 1)) && !((0 == systemActive))) || !((\old(pumpRunning) == 0))) || !((\old(waterLevel) == 1))) || (0 == systemActive))) && ((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (2 < \old(waterLevel)))) && (((((((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) || (\old(switchedOnBeforeTS) < 1)) || ((((1 <= pumpRunning) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && !((0 == systemActive)))) || (\old(pumpRunning) < 1)) || (((pumpRunning == 0) && (waterLevel <= 2)) && !((0 == systemActive)))) || (0 == systemActive)) || (2 < \old(waterLevel)))) - InvariantResult [Line: 128]: Loop Invariant Derived loop invariant: ((((((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && !((0 == systemActive))) && (\old(waterLevel) == 2))) || (2 < \old(waterLevel))) && (((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (((pumpRunning == 0) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)))) && ((!((\old(pumpRunning) == 0)) || (2 == \result)) || !((\old(waterLevel) == 2)))) && ((((((\old(switchedOnBeforeTS) < 1) || (((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) - InvariantResult [Line: 1019]: Loop Invariant Derived loop invariant: ((((pumpRunning == 0) && (\result == 1)) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 335]: Loop Invariant Derived loop invariant: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((1 <= pumpRunning) && (2 == waterLevel))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) - InvariantResult [Line: 1012]: Loop Invariant Derived loop invariant: (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel == 1)) - InvariantResult [Line: 96]: Loop Invariant Derived loop invariant: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) - InvariantResult [Line: 854]: Loop Invariant Derived loop invariant: ((((((((pumpRunning == \old(pumpRunning)) && (2 == waterLevel)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && (((((((pumpRunning == \old(pumpRunning)) && (\old(waterLevel) == waterLevel)) && (1 <= switchedOnBeforeTS)) || (\old(switchedOnBeforeTS) < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel)))) && ((!((\old(pumpRunning) == 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) || (2 < \old(waterLevel)))) - InvariantResult [Line: 60]: Loop Invariant Derived loop invariant: (((((((\old(switchedOnBeforeTS) < 1) || (\old(pumpRunning) < 1)) || (0 == systemActive)) || (2 < \old(waterLevel))) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) && ((((((pumpRunning == \old(pumpRunning)) && (waterLevel == 1)) && (1 <= switchedOnBeforeTS)) || !((\old(waterLevel) == 2))) || (\old(pumpRunning) < 1)) || (0 == systemActive))) && (!((\old(pumpRunning) == 0)) || (2 < \old(waterLevel)))) - InvariantResult [Line: 360]: Loop Invariant Derived loop invariant: (((((2 < waterLevel) || (switchedOnBeforeTS < 1)) || (\old(pumpRunning) < 1)) || (0 == systemActive)) && ((((2 < waterLevel) || !((\old(pumpRunning) == 0))) || ((pumpRunning == 0) && (2 == waterLevel))) || (0 == systemActive))) - InvariantResult [Line: 970]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 174]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning) && (\result == 1)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (tmp == 1)) && !((0 == systemActive))) || ((((pumpRunning == 0) && (\result == 1)) && (waterLevel <= 2)) && (tmp == 1))) || (((((1 <= pumpRunning) && (2 == waterLevel)) && (\result == 1)) && (tmp == 1)) && !((0 == systemActive)))) RESULT: Ultimate proved your program to be correct! [2023-11-06 23:05:45,088 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_3832f833-914d-42a4-80da-ce0c0a30be9c/bin/uautomizer-verify-WvqO1wxjHP/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE